codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00

Author	SHA1	Message	Date
github-actions[bot]	69df9f9daa	JS: Bump version of ML-powered library and query packs to 0.4.1	2022-11-07 13:06:46 +00:00
github-actions[bot]	82277d8f56	JS: Bump minor version of ML-powered library and query packs	2022-11-07 13:00:28 +00:00
github-actions[bot]	268a990aa6	JS: Bump version of ML-powered model pack to 0.3.1	2022-11-07 13:00:28 +00:00
github-actions[bot]	a1e0bf022e	ATM: Update model pack dependency of ML-powered model building and query packs	2022-11-07 13:00:27 +00:00
github-actions[bot]	be808deb59	JS: Bump minor version of ML-powered model pack	2022-11-07 12:59:44 +00:00
erik-krogh	fc38bf0429	Merge branch 'main' into aliasFlow	2022-11-07 09:46:48 +01:00
erik-krogh	40032f295a	treat arrays that gets executed with shell:true as a sink for `js/shell-command-constructed-from-input`	2022-11-07 09:19:05 +01:00
erik-krogh	bc5b7455cf	add failing test	2022-11-07 09:14:52 +01:00
Dave Bartolomeo	b8e1aa67d8	Merge pull request #11134 from github/post-release-prep/codeql-cli-2.11.3 Post-release preparation for codeql-cli-2.11.3	2022-11-05 13:54:49 -04:00
github-actions[bot]	fca754bddd	Post-release preparation for codeql-cli-2.11.3	2022-11-05 14:30:48 +00:00
Dave Bartolomeo	013b7eff1c	Apply suggestions from code review Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2022-11-04 18:46:32 -04:00
github-actions[bot]	508327235a	Release preparation for version 2.11.3	2022-11-04 20:16:23 +00:00
tiferet	833041c62e	Fix QLDoc style errors	2022-11-04 09:30:31 -07:00
tiferet	2aa4651534	Remove predicates not yet used from the current PR	2022-11-04 09:30:31 -07:00
tiferet	74c8bfff4f	Minor changes from code review	2022-11-04 09:30:31 -07:00
tiferet	e60c016fc6	Format fixes	2022-11-04 09:30:31 -07:00
tiferet	cbf81b8839	Improve the import structure	2022-11-04 09:30:31 -07:00
tiferet	300456cd3e	Enforce the abstraction over characteristics: Make the implementations of specific `EndpointCharacteristic`s private.	2022-11-04 09:30:31 -07:00
tiferet	c0cc754fb5	Rename ClassificationReasons Change the name to EndpointCharacteristics.	2022-11-04 09:30:30 -07:00
tiferet	a4939b91e7	Generalize the definition of a known sink: If the list of reasons includes positive indicators with maximal confidence for this class, it's a known sink for the class. This negates the need for each query config to define the isKnownSink predicate individually.	2022-11-04 09:30:29 -07:00
tiferet	08bbe596a2	Create the sink ClassificationReasons Write the reasons that indicate that an endpoint is a sink for each sink type. Also fix import error.	2022-11-04 09:30:29 -07:00
Henry Mercer	3e863a539a	ATM: Fix CodeQL pack workspace references This fixes the [ATM PR checks](https://github.com/github/codeql/actions/runs/3392995797/jobs/5639827326) breaking on main as a result of https://github.com/github/codeql/pull/11004.	2022-11-04 14:03:34 +00:00
Erik Krogh Kristensen	c82d8cbacc	Merge pull request #11013 from erik-krogh/sndCmd JS: second-order-command-injection	2022-11-04 10:58:50 +01:00
Michael Nebel	3c8fb0520e	C#: Sync files.	2022-11-04 08:20:53 +01:00
Erik Krogh Kristensen	1f51bd4594	add dash in description Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-11-03 16:24:59 +01:00
erik-krogh	96ec54e5be	fix minor issues in qhelp	2022-11-03 14:01:58 +01:00
erik-krogh	b5666888b1	rewrite @description of second-order-command-injection	2022-11-03 14:00:29 +01:00
erik-krogh	655b4a4d17	recognize more re-exported values as exported	2022-11-03 11:08:00 +01:00
erik-krogh	94e864e933	add failing test	2022-11-03 11:04:04 +01:00
Dave Bartolomeo	15be488c53	Fix typo	2022-11-02 12:40:55 -04:00
Dave Bartolomeo	7cad4b7918	Revert changes to ATM, which isn't in the workspace	2022-11-02 12:37:30 -04:00
erik-krogh	851d53d56b	don't sanitize calls through substring calls that just remove the start	2022-11-01 22:51:07 +01:00
erik-krogh	08bc14f598	add failing test	2022-11-01 22:50:13 +01:00
erik-krogh	15416a9c86	fix getCanonicalCharClass in NfaUtils	2022-11-01 21:35:07 +01:00
erik-krogh	78e35e2f29	add failing test	2022-11-01 21:33:19 +01:00
Dave Bartolomeo	9d5e5e3ee7	`${workspace}` all the things	2022-11-01 13:29:05 -04:00
Dave Bartolomeo	49c4c554c4	Merge from `main`	2022-11-01 13:22:40 -04:00
erik-krogh	6f3ca40fed	expand the explanation to include with arguments make the commands vulnerable	2022-11-01 14:24:23 +01:00
Erik Krogh Kristensen	8fd6424db9	fix the qhelp Co-authored-by: Asger F <asgerf@github.com>	2022-11-01 14:05:25 +01:00
Erik Krogh Kristensen	ff2a5e8c27	Merge pull request #10986 from erik-krogh/tsPerf JS: push more context into load/store steps from the exploratory flow-analysis	2022-11-01 09:03:24 +01:00
erik-krogh	5e5160d4fc	add which commands are flagged in the change-note	2022-10-31 21:42:59 +01:00
erik-krogh	fc2112831c	add second-order-command-injection query	2022-10-30 21:20:47 +01:00
erik-krogh	0a7e797090	update expected outputs after reordering tests	2022-10-28 10:16:21 +02:00
erik-krogh	946720f414	reorder the CWE-078 tests into subdirectories	2022-10-28 10:16:21 +02:00
Erik Krogh Kristensen	bbdda9ef70	Merge pull request #10727 from erik-krogh/js-last-msg JS: fix some more style-guide violations in the alert-messages	2022-10-27 15:48:12 +02:00
Taus	503cc560cf	Merge pull request #10943 from bananabr/main Javascript/Python: Tokens built from predictable UUIDs	2022-10-27 14:12:34 +02:00
Jeroen Ketema	1d7efd8e82	Merge pull request #10905 from jsoref/spelling-code-scanning-product Spelling code scanning product	2022-10-27 12:55:37 +02:00
Erik Krogh Kristensen	cecb498bf3	Merge pull request #10984 from tyage/add-next-js-source JS: Add Next.js parameters as source	2022-10-27 10:36:12 +02:00
tyage	c22f9443f2	Refactoring Next.js parameter Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:28:51 +09:00
tyage	e8b751ae17	Update javascript/ql/src/change-notes/2022-10-26-nextjs-params.md Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:24:08 +09:00

... 60 61 62 63 64 ...

11309 Commits